As customers move to architect their data centers to support cloud model to enable them to respond quickly to business needs, software management and orchestration plays a key role in making that happen. Simply put you need software that easily integrates with existing infrastructure and provides ease of fabric automation and flexibility, visibility, troubleshooting and operation.
DCNM Dashboard with Customizable Dashlets
Cisco Data Center Network Management (DCNM) has evolved over the years to support such function and need for Nexus switches. The power of the NX-OS with DCNM can accelerate IT efficiencies operational model.
Let’s look at the newly released DCNM version 10 with the built-in data base and high availability:
Fabric automation – DCNM allows customers in Day 0 operation to make big fabric deployments easy, leading to lowered Opex. With Power-On Auto Provisioning (POAP), validated templates and definable fabrics, DCNM lets customers normalize fabric images, devices, provisioning methods, and Fabric underlay settings for reliable, consistent fabric behavior.
DCNM POAP Navigator
Defining New Fabric
Selecting a Validated VXLAN-EVPN Template
Fabric flexibility – Great for brownfield or greenfield deployments whether you have VxLAN, FabricPath and/or VLAN fabrics. Customers who have N7K/N5K and now thinking about VXLAN/IP Fabric — DCNM has you covered and lets you integrate Nexus 9K platform seamlessly. Only the Encapsulation and underlay Templates change.
FabricPath and VXLAN/IP Fabric templates for Nexus 7000
Fabric visibility – Very easy to visualize switches, links, health, vPC connections, FEX, End to end fabric view of network, virtual machine and storage.
VXLAN/IP Fabric and FabricPath on interactive topology view
Large Topology View with Storage
Fabric troubleshooting – in Day 1 & 2 operation, DCNM provides a view of the overall fabric, shows overlays regardless of encapsulation type (e.g. VXLAN or FabricPath), simplifies fabric troubleshooting and helps find things across the enterprise using multi-site/search (Aggregated DCNM search views across multiple sites)..
DCNM Multi-Site Manager
Fabric operation and automation – Engineer and customize the fabric solutions ahead of time to meet your business needs. Consolidate and automate current and next-gen overlay technology (VxLAN and FabricPath) on the same topology/manager. Integrate Border/Edge Router to the fabric seamlessly. Scale to many hundreds of devices. Automate workload deployment for physical or virtual workloads and integrate with virtual machine management (e.g. OpenStack, VMware, UCS Director). Engineer deployment scenarios with a large library of customizable Configuration Profiles.
Fabric Automation Profiles for almost any Host automation scenario
Best of all, DCNM is designed to provide investment protection for customers allowing them to run across all Nexus platforms as well as MDS storage.
What is a Software Development Kit (SDK)? Put simply a set of tools, libraries and documentation to simplify interacting with a REST API. I am super excited, as I know how much simpler it is going to make developing scripts for the Cisco DNA Center API.
The Cisco DNA Center SDK is written in python and provides a python library in PyPI and associated documentation. PyPI is the official python package index, and simplifies installation of the library.
I am going to assume you are familiar with Cisco DNA Center API, so focus on installing and using the SDK.
Installing the Cisco DNA Center SDK
The SDK is available via PyPI, so all that is required is “pip install”
I would recommend using a virtual environment. This is optional, but means you do not require root access and helps keep different versions of python libraries separate. Once created, it needs to be activated, using the “source” command.
If you logout and back in, activation needs to be repeated.
python3 -m venv env3 source env3/bin/activate
To install:
pip install dnacentersdk
You are now able to use the SDK.
Using the Cisco DNA Center SDK
This is super simple. In the past, I needed lots of python code to get an authentication token, then wrap GET/PUT/POST/DELETE REST API calls.
Using the SDK is so simple, I am going to use the python REPL (the python interactive console). To start it, simply type “python” on the command line
$ python python 3.7.2 (default, Jan 13 2019, 12:50:15) [Clang 10.0.0 (clang-1000.11.45.5)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>>
First create a connection to DNAC. Go into the REPL (above) and paste the following commands:
from dnacentersdk import api dnac = api.DNACenterAPI(base_url='https://sandboxdnac2.cisco.com:443', username='devnetuser',password='Cisco123!')
For this example, I am using the DevNet sandbox. If you want to use your own DNAC, just change the base URL and credentials. You might also require “verify=False” if you have a self signed certificate.
In the past this would have been complicated. I needed to get a token, and then make sure I used that token as a header for subsequent requests. This is all taken care of with the creation of the api.DNACenterAPI object.
Now, for the first API call. This call gets all of the network devices, and the for loop prints out the managementIP address. Note that an object is returned, rather than a json structure.
devices = dnac.devices.get_device_list() for device in devices.response: print(device.managementIpAddress)
This shows all of the steps with their output
$ python Python 3.7.2 (default, Jan 13 2019, 12:50:15) [Clang 10.0.0 (clang-1000.11.45.5)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> from dnacentersdk import api >>> dnac = api.DNACenterAPI(base_url='https://sandboxdnac2.cisco.com:443', username='devnetuser',password='Cisco123!') >>> devices = dnac.devices.get_device_list() >>> for device in devices.response: ... print(device.managementIpAddress) ... 10.10.20.51 10.10.20.81 10.10.20.82 10.10.20.80 10.10.20.241 10.10.20.250 10.10.20.242 10.10.20.243 10.10.20.244 10.10.20.245 10.10.20.246 10.10.20.247 10.10.20.248 10.10.20.249 >>>
Documentation
How do you know what methods are available to call? Official documentation is available https://dnacentersdk.readthedocs.io/en/latest/api/api.html
The API is structured around groupings of endpoints. For example, all of the endpoints for network-devices are under “devices”. In the example above, dnac.devices.get_device_list() returns all network-devices.
You can also take advantage of python’s introspection capabilities.
In the example above, a dir(dnac) will return all of the properties and methods for the dnac object. The ones of interest are highlighted
You can then use the help() function to get more information about the particular methods available. In the example below, help for dnac.devices will show a method of get_device_list() which returns all of devices in the inventory.
For the past two years, I have been proud to work on bringing the next generation of SD-WAN technology to our customers. We’ve achieved great success, at significant scale. We’ve learned a lot along to way, as have our customers. It’s safe to say that adopting SD-WAN is important to them.
Today, we can disclose that over 20,000 customers trust Cisco for SD-WAN solutions across our Viptela and Meraki lines (as of Q1, FY2020). We have deployments across industries, and around the world.
Backbone of the Modern Enterprise
IDC research shows that almost 95% of the enterprises they surveyed expect to be using SD-WAN within 24 months. This tracks with our own metrics: As of August 2019, 70% of the Fortune 100 are using Cisco’s SD-WAN solutions.
Clearly, SD-WAN is a critical technology for businesses adopting cloud services. It is the common connective tissue between the campus, branch, IoT, data center, and cloud. It brings all the network domains together and delivers the outcomes business requires. It must align user and device policies, and provide assurance to meet application service-level agreements. It must deliver robust security to every device, and every cloud, that the enterprise’s data touches.
Every customer is looking for agility, but not at the expense of security, visibility, or control.
The transition to SD-WAN is accelerating, thanks to the pervasive adoption of cloud services. Today’s businesses are adopting clouds apps like Microsoft’s Office365 productivity suite and many other SaaS apps. Our surveys show our customers have, on average, 30 paid SaaS applications each. And that they are actually using many more: over 100 in several cases.
As our customers reach these levels of cloud usage, they quickly find that their WAN architectures must change, as well as their entire approach to security. Our customers need to maintain choice and control as their WAN stretches over networks that are outside their control.
To help them grapple with the different public clouds, SaaS apps, colocation facilities and the different types of connectivity available, customers are looking for a trusted advisor to help them navigate the maze of options. What they can’t accept are WAN solutions that require compromise, like getting better application experience, but at the expense of security.
Cisco provides the most secure cloud scale SD-WAN. It is part of our wider strategy to deliver multi-domain networking with an intent-based architecture.
Secure and Cloud-Scale – Why customers trust Cisco
The only way for Cisco to make the move to SD-WAN work is to listen to and collaborate with our customers and partners. We have been doing this for years and will continue to do so. It’s why we are, and will remain, the market leader.
For example, National Instruments was facing the need for drastically more bandwidth across its 88 sites. But the network team’s budget, and its reliance on existing networking links, wasn’t up to the challenge. Stopgap solutions were adding complexity and frustrating employees.
We partnered with National Instruments to bring their WAN under control, with Cisco SD-WAN powered by Viptela. National Instruments’ new network has 30 times the bandwidth of their previous solution, it’s easier to manage, and it’s less expensive to run.
As Luis Castillo, Global Network Team Manager for National Instruments said, “Having more bandwidth at our sites means that our WAN issues aren’t impacting business operations. Software updates that used to take eight hours to replicate across the network now take 10 minutes. We don’t have to bother with call admission control or limiting video quality or the other measures we had to take to deal with bandwidth constraints. We have been unbelievably impressed with the performance, reaching numbers we’ve never been able to before, while at the same time reducing costs like never before.”
In Australia and New Zealand, the plumbing company Reece Group, with 5,000 employees over 600 branches, had embarked on a digital transformation. Peter Castle, a Network Administrator, told us the company wanted to provide an always-connected workplace, for all its staffers across all its locations.
Reece went with Cisco SD-WAN to be able to deploy new apps and features, bring up new locations quickly, and prioritize network traffic for cloud applications. Castle said that with Cisco SD-WAN, “My life as a network administrator is significantly easier. To deploy new configurations and policy changes across the entire network, what would have taken a very long time previously, touching many devices individually, now takes a matter of minutes.”
In banking, we’ve worked with customers like Associated Bank, Wisconsin’s largest bank. The institution has over 5,000 employees over more than 250 branches. After evaluating eight SD-WAN platforms for security, traffic management, scalability, and simplicity of operation, they installed the Meraki MX platform to meet their needs. Associated’s network architect Tim Larson says this solution saved the company over $500,000 annually while improving its average bandwidth to branches by 7,800%.
I’m proud of what we were able to do for National Instruments, Reece Group, Associated Bank, and thousands more SD-WAN customers. Our portfolio is the broadest and the deepest in the industry, and we look forward to working with even more businesses who have their own unique needs.
Simplicity, cost savings, scale, application performance, security, visibility, and investment protection. Combined with our world-class partners and global support and services, we are delivering peace of mind while accelerating our customers’ cloud strategies.
Today marks an important milestone for Cisco’s Data Center offerings to our customers with the unveiling of a new ACI technology ecosystem partner solution. We are pleased to announce availability of “AlgoSec Security Management Solution” on Cisco’s Global Price List.
“AlgoSec Security Management solution (ASMS)” has delivered tremendous value to our joint customers across the world, with its ability to extend ACI’s policy-driven automation to security devices in the fabric, helping them automate policy enforcement for security devices in the fabric and ensure continuous compliance across multicloud ACI environments. To make it easier for our customers to procure that solution, we onboarded AlgoSec to Cisco Global Price List through Cisco DevNet Solutions Plus Program. Now Cisco’s direct and channel sales network can offer AlgoSec’s solution together with Cisco networking products as a single package. For details on AlgoSec solution orderability, check Cisco commerce.
What makes this solution compelling for you as a Cisco customer or a partner? Rapidly changing business needs and application connectivity requirements in modern data centers pose big challenges to ensuring compliance and security. With thousands of firewall rules across many different security devices, frequent changes, limited visibility and lack of trained security personnel , managing security policies manually is now impossible. This is where ASMS (AlgoSec Security Management Solution) comes in.
ASMS automates and orchestrates network security policy management, maps and migrate application connectivity, and proactively analyze risk to applications risk – across any cloud and on-premise networks.
AlgoSec integrates with Cisco ACI to extend ACI’s Application centric policy- based automation to AlgoSec managed security devices across their data center, on its edges and in the cloud. AlgoSec Security Management Solution for ACI enables customers to ensure continuous compliance and automate the provisioning of security policies not just across the ACI fabric but also across multi-vendor security devices connected to ACI fabric, helping customers build secure data centers. The solution is based on Cisco APIC and ASMS integration to deliver a powerful multi-tenant, policy-driven, application-centric model for network security. Read Solution brief for details.
The AlgoSec Security Management Solution comprises three key components – AlgoSec Firewall Analyzer, AlgoSec Fireflow, and AlgoSec Application Connectivity Management.
AlgoSec Firewall Analyzer delivers visibility and analysis of complex network security policies across Cisco ACI, firewalls attached to ACI fabric and other upstream security devices. The solution automates and simplifies security operations including troubleshooting, auditing policy cleanup, risk and compliance analysis and audit preparations.
AlgoSec FireFlow helps you process security policy changes in a fraction of the time, so you can respond to business requirements with the agility they demand. FireFlow automates the entire security policy change process — from design and submission to proactive risk analysis, implementation, validation and auditing with the support for automated policy enforcement on Cisco ACI and multi-vendor security devices, including Cisco ASA & FTD, Check Point Software, Fortinet and Palo Alto Networks.
The AppViz (Application Visibility Add-On) add-on accelerates identification and mapping of all the network attributes and rules that support business-critical applications – making it easier for organizations to make changes to their applications across any on-premise and cloud platform, and to troubleshoot network and change management issues across the entire enterprise environment.
AlgoSec’s AppChange (Application Lifecycle Change Management Add-On) automatically translates and implements network security policy changes on all relevant devices across the entire network to reflect specific connectivity requirement for applications. This saves time for IT and security teams and eliminates manual errors and misconfigurations. AppChange addresses the critical issues of human error and configuration mistakes that are the biggest causes of network and application outages.
These components are offered as independent software licenses and bundles on Cisco’s Global Price List.
In summary, the AlgoSec Security Management Solution integrates with and complements Cisco ACI Anywhere, providing consistent security policy management and visibility across data centers and clouds.
Interoperability and openness should never be a trade-off with security, and our users shouldn’t believe they need to sacrifice one over the other. Interoperability and security can and should work in unison, and this requires today’s software companies to work with some basic norms on how we collectively secure our mutual customers.
Cisco has created a rich partner, developer, and integrator ecosystem so our customers have the flexibility and choice to super-charge their tools and workflows with our collaboration technologies, seamlessly. We are serious about interoperability with the tools you love and use every day. Some examples of the work we have done in this regard include our native integrations with Google, Apple, Microsoft, Slack and more.
This flexibility, choice, and interoperability, however, must come with zero compromises on security and data integrity.
Unsupported collaboration integrations could lead to increased customer risk. Compatibility and security can be challenging, and that is why we will only support third-party collaboration vendors who meet our security standards and who integrate with our products and services through our supported open APIs.
Zoom Connector for Cisco Issue: Interop between Zoom and Cisco Video Devices
Cisco was notified of a serious security risk with the Zoom Connector for Cisco on October 31st, 2019 and followed our well-established process to investigate the issue. We believe Zoom had also been notified on October 31 or thereabouts. On November 18th, our CISO notified Zoom’s CISO of our findings and advised immediate action to address all security risks. I am sharing the details of this issue as we are committed to transparency and to protecting our customers in the constantly evolving security landscape.
The Zoom Connector for Cisco, owned and operated by Zoom Video Communications, connects their cloud to a customers’ internal network and specifically a Cisco Endpoint/Video Device and its management interface.
What was the issue? Regrettably, the access (through a Zoom URL) for the Zoom Connector for Cisco hosted on zoom.us was accessible without authentication.
Issue details: Cisco Webex Devices can be managed through a web interface that provides management of configuration, status, logs, security and of integrations such as in-room controls and macros. The Zoom Connector for Cisco created a device specific URL hosted on the Zoom website for each endpoint configured in the connector. This URL provided access to the device’s web interface by using Zoom’s on-premises API Connector to modify the Cisco web pages so they could be accessed from the Zoom URL outside the customer’s network. Regrettably, this Zoom URL provided from their website was accessible without authentication. In addition, Zoom provided a landing page that copied Cisco’s landing page, including Cisco’s logo and brandings, misleading customers into believing they were on a Cisco webpage with Cisco security, rather than a publicly accessible URL.
The Zoom Connector for Cisco created the following critical security risks:
1. The Zoom URL did not require credentials. Anyone with knowledge of the URL could access it from the public internet, allowing unauthenticated access to a Cisco Webex Device configured and managed through the Zoom Connector for Cisco. Once a person had the URL, they could reach the endpoint directly and control it, including creating a call from that endpoint to eavesdrop onto critical business meetings.
2. Zoom exposed Cisco Webex Devices to perpetual administrative exposure by placing itself between the user and the Cisco interface, modifying the Cisco webpage using unsupported methods through a Zoom URL, thereby bypassing all Cisco Security norms. The Zoom URL did not expire during our testing period. Even when the Zoom administrator changed their password, the Zoom URL managing the Cisco Webex Device lived on.
3. The Zoom URL link did not get revoked if the Zoom administration password was changed or upon deletion of a Zoom administrative user. Thus, an ex-employee would continue to have access to the devices through the firewall from the public internet, if they had the Zoom URL stored in their history.
On November 19th, 2019, Zoom released a “bug fix” that partially addressed the security issues and, after further communication from Cisco, provided an email with incomplete information on the security risks to their affected customers.
Our promise to our customers
At Cisco Webex, we live by secure, simple, and scalable principles. Over my decades in the software industry, I have learned that it is never acceptable to bypass security norms for the sake of convenience and simplicity. And when so much sensitive data is being shared through video conferencing, including the ability to use a device’s camera, security must be of utmost importance. That is the promise we at Cisco hold dearly for every one of our customers, and embodied by the steps we took for this issue:
1. We take every notification seriously, especially from our customers.
2. We engaged our Cisco Product Security Incident Response Team (PSIRT)and the Talos Security Intelligence and Research Group (Talos) to investigate this security risk. The Cisco PSIRT team is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information related to Cisco products and networks. Talos is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products. Cisco has well established practices for investigating and reporting security issues (https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html), and cooperates with industry in researching security issues.
3. As I noted previously, these findings were shared with Zoom on November 18th, 2019.
4. We all live in a heightened state of alert, ready to act proactively as and when notified. Each of us have, over the years, had our own issues and need to cooperate in the future for the sake of our mutual customers. We appreciate Zoom password-enabling these Zoom URLs starting November 19th, 2019. It is a good first step, but we need them to do more. We would like them to take additional steps to use our supported APIs and work with us to certify the solution so that we can secure our mutual customers effectively.
Call to action
If you are a customer using the Zoom Connector for Cisco, please review your administrative logs and analyze the usage to see if there was any breach as a result of the implementation described here.
At present, the Zoom Connector for Cisco is not a Cisco supported solution that meets our standards of enterprise-grade security. Our supported solutions meet the standards our customers expect out of Cisco by using our well documented open APIs.
Ever wish you could take the best of Cisco SD-WAN software and combine it with the best routing platform? Well, you’ll be pleased to know we’re introducing new models, the ISR 1100-4G and ISR 1100-6G, which run Viptela OS on ISR hardware. Now you get best-in-class SD-WAN with best-in-class hardware. All the SD-WAN features you’ve loved on vEdge devices are now available with the ISR 1000 Series.
The ISR 1100-4G and 1100-6G are feature-rich platforms with Cisco SD-WAN delivering WAN, security and multi-cloud capabilities. Viptela OS and Cisco SD-WAN’s vManage provide automated, network-wide deployment, configuration, monitoring, and troubleshooting as well as transport independence, network services, and endpoint flexibility. So, if you are looking to upgrade from the vEdge 100B or vEdge 1000 the ISR 1100-4G/6G provide a powerful replacement.
Give me the specs!
◉ Up to 4 built-in 10/100/1000 Ethernet ports for WAN or LAN with SFP support
◉ 4 GB DRAM, 8 GB bulk flash
◉ Dedicated control plane for service reliability, multicore data plane for higher performance
◉ Embedded device security with high platform reliability
◉ Fanless, compact form factor perfect for branch offices
What can you accomplish with the ISR 1100-4G/6G?
◉ Create a secure automated WAN – Using Cisco SD-WAN you can automatically provision and maintain secure connections across the WAN.
◉ Optimize application performance – Provide a consistent user and application quality of experience for optimal performance across any transport, location and cloud.
◉ Provide secure Direct Internet Access – Multi-layer cloud security delivers comprehensive protection against external and internal threats and provides your users with direct internet access. With Cisco SD-WAN you’ll get cost effective and secure access over the internet and secure access to business critical applications for remote sites.
◉ Simplify management and operations – A single, centralized user interface that is open and programmable gives you the ability to easily scale to thousands of sites.
Not only do the new ISR platforms provide full SD-WAN feature parity with Cisco vEdge devices, they also offer investment protection with the ability to switch to IOS XE SD-WAN in the future.
Cisco DNA Software for Switching is divided into three tiers: Cisco DNA Essentials, Cisco DNA Advantage and Cisco DNA Premier. As you go up in tiers, the features and capabilities become more differentiated. When you attach a Cisco DNA software subscription to your switch, you will also get the bundled perpetual license: Network Essentials or Network Advantage. Network Essentials is bundled with Cisco DNA Essentials, like the name suggests. Network Advantage is bundled with Cisco DNA Advantage or Cisco DNA Premier.
Cisco DNA Essentials, the base tier, offers simplified management and base automation & monitoring, which you’d have access to on the Cisco DNA Center application. Cisco DNA Advantage offers policy-based and all other advanced automation and assurance capabilities, including SD-Access, although some of these capabilities and features do require an integration to Cisco Identity Services Engine (ISE), which is licensed by number of endpoints as well as an ISE instance (you can choose either a physical appliance or a virtual machine/VM). As a result, you can get full SD-Access capabilities in the Advantage level tier if you already have an ISE server and endpoint licenses in your network. If you do not have ISE in your network and want SD-Access, Cisco DNA Premier would offer the best value to get these ISE endpoint licenses, as well as Stealthwatch flow licenses for those who want to deploy Encrypted Traffic Analytics (ETA). With Cisco DNA Premier, all Cisco DNA use cases and required licenses are provided.
Why should I purchase a subscription for my switches?
Subscription matters because it gives you faster access to innovation with access to the latest features, and it gives you enhanced agility and better financial planning with license portability and a linear, predictable budget.
Now, with the bundled perpetual Network stack and DNA subscription licenses, you will get a lot more value for the same price. For those who were accustomed to purchasing LAN Base access switches, you can now get a next-generation Catalyst 9000 series switch with Network Essentials as well as a 3-year Cisco DNA Essentials subscription for less. For those who used to purchase IP Base or IP Services, you can get Network Advantage and a 3-year subscription to Cisco DNA Advantage for less. See the details below:
I purchased Cisco ONE, what about me?
For Cisco ONE customers, we have you covered for an easy transition to Cisco DNA Software subscriptions. When you renew your SWSS (software support service) contract, we will provide entitlement to Cisco DNA Software subscription at no additional cost. So, for the same term and price that you are paying for SWSS, we will include Cisco DNA Essentials or Cisco DNA Advantage subscription licenses. (Cisco ONE Foundation receives Cisco DNA Essentials, and Cisco ONE Advanced receives Cisco DNA Advantage).
What support do I get with the subscription?
With Cisco DNA subscription for switching, there is embedded software support that includes 24/7 TAC support, new software downloads, and knowledge base access. Please note that this support is for the Cisco DNA Subscription components only. All switches also come with E-LLW (Cisco Enhanced Limited Lifetime Warranty) which include the following:
◉ 90 days of Cisco TAC support; local business hours, 8×5
◉ Hardware replacement (next business day where available)
◉ Duration is lifespan of hardware product
For those who are looking for TAC support beyond 90 days on the network stack (Network Essentials/Advantage), you should purchase Solution Support or Smart Net Total Care on the switch, which covers both the hardware and the network stack.
Today, many businesses are shifting from a centralized infrastructure to decentralized applications that run in many clouds. The workload is also shifting from the corporate data center to the edge to access a multicloud environment more efficiently. When you combine the increasing number of users, devices, and locations that need access to cloud applications, you end up with overwhelming IT complexity.
Cisco SD-WAN is a wide area network (WAN) that extends the principles of software-defined networking (SDN) into the WAN. This secure, cloud-scale architecture is designed to meet the complex needs of modern wide area networks and includes:
◉ A predictable application experience that can help improve user productivity by optimizing cloud and on-premises application performance with real-time analytics, visibility, and control.
◉ Security to help protect users, devices, and applications that quickly deploys embedded or cloud security and threat intelligence.
◉ Simplicity at enterprise scale with a single user interface to make it easy to deploy SD-WAN and security while maintaining policy across thousands of sites.
◉ End-to-end visibility with Cisco vManage, which can quickly establish an overlay fabric to connect data centers, branches, campuses, and colocation facilities.
Optional vAnalytics, which identifies connectivity and contextual issues to determine optimal paths for users to get to their destination, regardless of their connectivity.
Cisco SD-WAN includes application-aware routing and application-aware policies that allow real-time policy enforcement for cloud and on-premises solutions. A recent survey showed that many IT organizations were able to bring unplanned outages down by 82% and their software updates now take 51% less time with Cisco SD-WAN.¹
Cisco SD-WAN solutions can help you decrease costs, increase profitability, improve operational efficiencies, provide better performance and integrate security. In a single overlay that extends to data center, cloud, and branch locations, Cisco SD-WAN optimizes software-as-a-service (SaaS) performance for Office 365, Salesforce, and other cloud-based applications. It also delivers seamless connectivity to the public cloud to simplify workflows for Amazon Web Services (AWS), and Azure.
Cisco Delivers a Secure, Intelligent Platform for Multicloud Access
In a multicloud environment, access from distributed branches can lead to challenges such as network management costs and complexity. For example, to deploy or maintain solutions at each branch, you may need to dispatch technicians. Having separate solutions and services at each branch can reduce security, and the geographic distance to many cloud applications can result in suboptimal performance.
Cisco SD-WAN helps you solve these challenges by consolidating regional branch locations into a co-location facility. With the Cisco SD-WAN Cloud onRamp for Colocation solution, you can:
◉ Aggregate your network services for SD-WAN or traditional routing by connecting branch offices to key regional locations and colocations
◉ Deploy secure virtualized network services automatically in minutes, on demand, with centralized policy management
◉ Maintain SLAs and improve user experiences because of proximity to multiple clouds
◉ Reduce transport costs by connecting to multiple clouds and colocation centers
◉ Decrease the need for trained IT professionals at each branch site without sacrificing security
With Cisco SD-WAN, enterprises can choose to deploy and manage Cisco SD-WAN themselves or work with any of our service provider partners who offer Cisco SD-WAN as a managed service.
Managed SD-WAN
With a managed SD-WAN solution, the service provider monitors and maintains the SD-WAN solution for you. The biggest benefit of managed services is that instead of spending time managing the SD-WAN connectivity, your IT resources are freed to perform other important tasks. By taking the managed service approach, you can:
◉ Take advantage of the expertise the service provider has in implementing and managing the SD-WAN infrastructure
◉ Recover the time your IT staff spends on running the business, so they can spend more time implementing IT strategy
◉ Potentially shift to an OpEx model from a purely CapEx model
Oracle Database 19c is a long-term support release of the database, offering customers the best performance, scalability, reliability, and security for all their operational and analytical workloads. The core aim for 19c is stability, as it forms a foundation for next phase of autonomous database optimizations. These optimizations include the ability for the database to automatically create indexes, which allow for the database to self-optimize and maintain optimal configuration.
Additional optimizations in Oracle Database 19c include real-time statistics for all operations and the ability to automatically quarantine problematic sequel. It also includes key unique innovations for core enterprise capabilities. For a lot of customers who run standby databases, Oracle 19c accepts updates to those standby databases, thereby turning the standby from a read-only to a read-mostly asset. In order to deal with streaming data or to have IOT type workloads, 19c provides a new in-memory rows store and API to provide very high speed and high volume data ingest.
Below is the list of some of the new features in Oracle Database 19c:
◉ General – Flashback Standby database when primary database is flashed back
◉ Performance – SQL Quarantine
◉ RAC & Grid Infrastructure – Zero-Downtime Oracle Grid infrastructure patching
◉ Availability – Dynamically change Fast-Start Failover (FSFO) target
◉ Application Development – REST Enabled SQL Support
◉ Automatic Indexing
◉ Database IN-Memory
◉ REAL-TIME Statistics Collections
◉ High Availability
Oracle on A Hyperconverged Infrastructure
The rapidly emerging world of hyperconverged infrastructure (HCI) promises many technical and financial benefits. The marketplace has been quick to recognize and validate the advantages of HCI, which combines the main features of a three-tier architecture – compute, storage, and networking – into a single solution. Having superior, vendor-supplied software is crucial to facilitate easy and efficient management of resources. In addition to managing the essentials of compute, storage and networking layers, HCI solutions also provide features to handle DR and the ability to scale up, with additional nodes as needed.
For an Oracle customer, the benefits of HCI from a technical optimization perspective are clear. You reduce unused hardware capacity through better resource management, eliminate network devices, and scale up your Oracle deployments easily and rapidly in response to rising demand. Adding nodes and moving workloads becomes seamless.
Various considerations while choosing an HCI environment:
◉ A Simple, integrated software stack which allows to do more with less
◉ Consistent, high performance that satisfies demanding business critical applications
◉ Flexible deployment models that align IT expertise with business priorities
◉ Advanced automation capabilities that enable IT agility
◉ Hypervisors that offer confidence and lower risk
Cisco’s Hyperconverged Infrastructure
Businesses across all verticals are seeing benefits behind this tight integration with virtual technologies as well. HCI reduces complexity and fragmentation around having to manage resources sitting on heterogeneous systems; it can reduce data center footprints; and it can greatly reduce deployment risks with validated deployment architectures.
There’s clear demand in the market. Consider this: according to the latest Gartner Magic Quadrant for Integrated Systems report, “hyperconverged integrated systems will represent over 35 percent of the total integrated system market revenue by 2019.” This makes it one of the fastest-growing and most valuable technology segments in the industry today.
With a co-engineered hardware and software solution Cisco has become a Gartner Magic Quadrant leader in HCI with Cisco HyperFlex. Taking in all the considerations listed above while choosing an HCI environment, Cisco’s HyperFlex is a great solution and a great technology to consider while running oracle on. That said, there are numerous critical features that set this technology apart from any other HCI solution out there. One of those aspects revolves around the fact that HyperFlex comes with full network fabric integration. This type of integration allows administrators to create QoS policies and even manage vSwitch configurations that scale throughout the entire fabric interconnect architecture. This approach provides data reliability and fast database performance. Cisco HyperFlex integrates servers, storage systems, network resources, and storage software to provide an enterprise-scale environment for an Oracle Database deployment. This highly integrated environment provides reliability, high availability, scalability, and performance to handle large-scale transactional workloads.
Oracle Databases and Real Application Clusters (RAC) are the core of many enterprise applications, including online transaction processing (OLTP), data warehousing, business intelligence, report generation, and online analytical processing (OLAP). As the amount and types of data increase, you need flexible and scalable systems with predictable performance to address database sprawl. By deploying Cisco HyperFlex with All Flash or All NVMe nodes, you can run your Oracle Database and RAC deployments on an agile platform that delivers insight in less time and at less cost.
Cisco HyperFlex systems with Oracle Database and RAC:
◉ Closely match the needs of databases and applications
◉ Reduce Storage footprint
◉ Optimize storage costs
◉ Deliver predictable database performance
◉ Keep enterprise applications and database available
The first fully engineered hyperconverged appliance based on NVMe storage delivers more of what you need to propel mission-critical workloads:
◉ It provides 71 percent more I/O operations per second (IOPS) and 37 percent lower latency than our previous-generation all-flash node.
◉ Also provides 15% more storage efficiency due to less storage needed when using the Cisco HyperFlex Acceleration Engine.
All-NVMe solutions support the most latency-sensitive applications with the simplicity of hyperconvergence. Our solutions provide the first fully integrated platform designed to support NVMe technology with increased performance and RAS.
As mentioned above, Cisco HyperFlex systems best suites Oracle Database and RAC deployments, best performance at a cost of very low latency. To help you deploy Oracle 19c and Oracle RAC, we deployed Oracle 19c Database on a 4 node HyperFlex cluster and tested it with various configuration profiles. Below are the links to the Oracle whitepaper references containing validation results tested internally. From the test results, it’s clearly evident that Cisco HyperFlex systems can handle OLTP highly intensive workloads by delivering best performance at a very low cost and latency.
The network plays a key role in defending critical infrastructure and IoT. The devices that we are connecting drive our business, enabling us to make smarter decisions and gain greater efficiency through digitization. But how do we ensure those connected devices are acting as intended? From an industrial operations perspective, we need to know that plant operations are nominal, irrespective of cyber threat. The network is well positioned to assist us in detecting misbehaving devices.
Network telemetry for visibility
In order to have assurance of business operations, it is critical to have visibility and awareness into what is occurring on the network at any given time. Network telemetry offers extensive and useful detection capabilities which can be coupled with dedicated analysis systems to collect, trend and correlate observed activity. In the security world we can infer much from network telemetry, from malware behaviour and reconnaissance, to data exfiltration. It is even possible to infer to some extent what is contained in encrypted traffic. Not only can we use this traffic for detection, but also for investigation. Having a historical record of communication also assists with investigating incidents. We can see, for example, what other hosts may have talked to a command and control server, or we can look at any lateral movement from a host.
The first step is to collect Netflow, which is a unidirectional sequence of packets with some common properties that pass through a network device. These collected flows are exported to an external device, the NetFlow collector. Network flows are highly granular; for example, flow records include details such as IP addresses, packet and byte counts, timestamps, Type of Service (ToS), application ports, input and output interfaces.
Exported NetFlow data is used for a variety of purposes, including enterprise accounting and departmental chargebacks, ISP billing, data warehousing, network monitoring, capacity planning, application monitoring and profiling, user monitoring and profiling, security analysis, and data mining for marketing purposes.
For most network devices (including many ruggedized devices used in OT environments), Netflow is simply an option you can turn on sending this data to a Netflow collector. Lower-end switches may not have this option; however, a span port can send traffic to a Netflow Sensor to accomplish this task. Gathering network telemetry visibility is the first step for organisations. The next steps are to utilise tools that can analyse the traffic and look for behavioural anomalies. For more advanced use cases, Encrypted Traffic Analytics (ETA) offers insights into encrypted traffic as well.
Accelerating detection through smarter tooling
The problem of scale in IoT, is also evidenced in security incident detection and response, where we have more traffic to review, and accordingly, more events. We need tools to help us, and Machine Learning (ML) and Artificial Intelligence (AI) based tooling are important technologies, particularly when it comes to network behaviour. Devices, as opposed to humans, tend to have very defined behaviour, so leveraging ML and AI to observe and baseline this behaviour offers high fidelity alert sources.
To really accelerate detection and lower our median time to detect, we need all our tools to work together. We discussed network context and understanding what a device policy should be, at scale. What if we could leverage that same information to assist with detection? Understanding contextual information and what a device’s policy should be, can help increase fidelity of behavioural alerts. Investigators also benefit from having this information integrated into their tools, which helps speed investigations.
As our journey through network automation grows, so does the need for our network tools. Network Engineers have always been considered the absolute escalation point for any performance difficulties and problems, irrespective whether the root cause is really the network, server, or application. Network Engineers are expected to have the knowledge and tools to isolate and identify the issue, collaborating with other teams such as SRE / AppDev to bring it to resolution and often present this in an RCA (root cause analysis).
One of these great tools which can really help is telemetry. In software, telemetry is used to gather data on the use and performance of applications and application components, e.g. how often certain features are used, measurements of start-up time and processing time, hardware, application crashes, and general usage statistics and/or user behavior.
In our network, the demands for data on network state — whether to detect hot spots in the network, or aid decision making on workload placement — requires data at a cadence that traditional methods just can not deliver. SNMP, CLI, and Syslog have limitations that restrict automation and scale. SNMP polling can often be in the order of 5-10 minutes, CLIs are unstructured and prone to change, which can often break scripts.
The traditional use of the pull model – where the client requests data from the network – does not scale when what you want is near real-time data. Moreover, in some use cases, there is the need to be notified only when some data changes, like interfaces status, protocol neighbors change etc.
Real-time access to operational statistics
Model-driven telemetry is a new approach for network monitoring in which data is streamed from network devices continuously using a push model and provides near real-time access to operational statistics. Applications can subscribe to specific data items they need, by using standard-based YANG data models over NETCONF-YANG. Cisco IOS XE streaming telemetry allows to push data off of the device to an external collector at a much higher frequency, more efficiently, as well as data on-change streaming.
We want more data, when do we want it? Now!
Listening to our community they asked for more model-driven telemetry content, as chance would have this I was working with Jeremy Cohoe. His blog formed the boilerplate for how the new learning lab and the new sandbox was built.
In the new Learning Lab Module, there are four new labs:
1. Introduction to Telemetry on IOS XE
Here you can learn about Telemetry Options, Publications Types, Data Encoding and TIG Software Stack. The TIG software stack refers to the three open-source software components that enable receiving, storing, and visualization the telemetry data.
◉ Telegraf (Collection) with the cisco_telemetry_mdt plugin that decodes the gRPC data to text
◉ InfluxDB (Storage): an open-source time-series database optimized for fast, high-availability storage and retrieval of time series data in fields such as operations monitoring, application metrics, Internet of Things sensor data, and real-time analytics. It provides a SQL-like language with built-in time functions for querying a data structure composed of measurements, series, and points
◉ Grafana (GUI visualization): an open-source platform to build monitoring and analytics dash
2. Enabling Telemetry On IOS XE
This learning labs begin your hand on a section with an overview of the open-source tooling and its configuration required to receive the telemetry information. We set up Cisco IOS XE MDT Configuration and begin receiving data with Telegraf and look at the storage in InfluxDB.
3. Yang Explorer
The YANG data models are found within the IOS XE operating system and can be exported easily from the NETCONF interface with tooling like YANG Explorer. Yang Explorer is an open-source web application which provides a web-based user interface to
◉ Browse yang data models
◉ Create netconf rpc payload
◉ Execute netconf RPCs
◉ Save RPCs to collections
4. Building Grafana with increase Telemetry
We look how to verify and validate the existing configuration within Grafana, as well as how to add an additional telemetry subscription on IOS XE The reason for using Grafana is that it is an open-source metric analytics & visualization suite. It is most commonly used for visualizing time series data for infrastructure and application analytics but many use it in other domains including industrial sensors, home automation, weather, and process control. Here, Grafana is the visualization engine that is used to display the telemetry data. It calls into InfluxDB to access the data that is stored there, which is the same data that Telegraf received from IOS XE.
Experiment with Model-Driven Telemetry in the DevNet Sandbox
Try this for yourself ! Wherever you are on your network programmability journey, the new IOS XE Model Driven Telemetry learning lab is ready. In it, you’ll find all kinds of helpful information.
Before you begin, reserve an instance of the new Model-Driven Telemetry Sandbox. This sandbox is a development area for developers to experiment with Model Driven Telemetry on IOS XE, IOS XR, and NX-OS, and create their own consumers and transformers for their databases. With the telemetry sandbox you’ll be able to use the learning labs against live infrastructure to have a true hands-on experience with the technology.
Digital disruption is affecting every market sector and every industry, every organisation and every user. Yet, innovating often seems slow and complex, and changes are awkwardly interdependent. This make it difficult to communicate in a clear way ‘what’ needs to be done, and even more so to explain ‘why’ and ‘how’. Cisco’s Business Architecture Center of Excellence (BA CoE) was set up to solve exactly this problem: How can Cisco help you, our customers, deliver business impact at speed, through agile and interactive collaboration with both business & IT. Interested? Read on.
Last week at Gartner’s IT Xpo in Barcelona, the focus of Cisco’s booth (see picture below) laid squarely on innovation and how we can accelerate our customers’ business transformation. This was a timely opportunity for me to recap how Business Architects work with our customers, in close collaboration with our partners, our professional services (Customer eXperience, CX), and other innovation-focused groups within Cisco.
Cisco Booth at Gartner IT Xpo: Leading with Innovation
On the left of the booth, experts from Cisco IT shared their experiences – both positive and negative – of running Enterprise IT. They outlined to attendees how Cisco gradually transformed its internal IT operating model to focus on business innovation, improve service quality, increase employee satisfaction, and all this while lowering costs. On the right, Cisco’s Co-Innovation Centers (CIC) team showcased how Cisco works with a varied partner ecosystem to co-create new solutions answering today’s business and societal problems. Examples presented ranged from a system that connects the unconnected in rural areas, to partnerships that increase road safety, and to solutions that improve connectivity on trains.
And in the center, Cisco’s Business Architecture Center of Excellence (BA CoE) tied everything together by detailing the 6 steps we take with our customers to deliver innovation at speed:
1. We create a CxO-level 1-page strategy that connects technology investments with the company’s mission, bringing together a unified digital agenda in a visual way;
2. We harness vertical trends and spell out the business drivers in terms that both Business and IT understand and can act upon;
3. We bridge the gap between Business & IT and gradually transform the IT department into the driver of Digital Transformation;
4. We co-create innovative solutions to answer the most pressing business challenges, leveraging the power of Design Thinking and our partner ecosystem;
5. Through a set of IT “Strategic Plays”, we build the multi-domain architecture that will accelerate business innovation — and we justify the Return on Investment (“IT as a Business”);
6. We continuously orchestrate a healthy Customer eXperience (CX) for our customers, focused on delivering ongoing, mutual business success.
So why are we doing this again? Because driving digital transformation in today’s complex, multi-faceted environment is not evident. Powered by a community of 200 Business Architects (BAs) active throughout the globe, Cisco can help you, our customers, innovate in unique and compelling way:
◉ Practice over theory: for many consultants, conceiving a digital strategy becomes an objective in itself. But really, it’s only paper until the business and the users feel the benefits in their day-to-day interactions. So Cisco Business Architects avoid wasting your precious time and resources on theoretical reports – and instead, we implement real solutions, with visible and tangible impact to your key stakeholders.
◉ Agile and Visual: we proceed quickly and through continuous iterations. The first one is usually completed within 1 or 2 weeks. Fail fast: if you don’t like it, we rapidly change course until we get it right. Communication is key, so we facilitate collaborative workshops powered by Design Thinking and we share the business outcomes through powerful infographics.
◉ Share and Partner: We leverage best practices from our customers all over the world, from multiple sectors, as well as from Cisco’s own internal transformation. We openly share our lessons learned and the solutions we created. We engage our ecosystem of partners to bring you the industry expertise you need, with the impeccable execution you expect.
In this post, I’ll walk you through the 6 phases of a typical BA-led engagement, summarized in the figure below.
Deliver Business Impact at Speed, with Cisco Business Architecture
1. Create the big picture
Cisco Business Architects create a CxO-level, one-page strategy called “Digital Journey Dashboard” (DJD). The DJD is a large infographic that depicts the way your organisation’s strategic business drivers (the ‘why’) connect to your next-gen IT operating model (the ‘how’) and to the multi-domain architecture that will accelerate your business innovation (the ‘what’). It balances the long-term, structural transformation initiatives (the ‘marathon’) with “Business Innovation Sprints” focused on delivering tangible & visible value to the business.
The DJD helps the CIO explain and communicate the digital journey in a manner that is accessible, actionable and easy to understand by business stakeholders, but also by the people in the IT department. It connects future technology investments with the company’s mission and visualizes the unified plan that will deliver business impact at speed.
The power of storytelling and visualization to drive digital transformation
Working in close partnership with our Customer eXperience Centers (CXC), the Business Architects use the DJD to frame the overall, long-term partnership between you and Cisco: rather than pitching our products, we start from your business objectives and derive which challenges we need to focus on first. Only then do we bring into action our technology solutions, our rich partner ecosystem, and our professional services (Customer eXperience, CX).
Build a one-page Strategy to chart your journey to Digital (click to download pdf)
2. Spell out the business drivers
Cisco Business Architects are skilled and tooled to harness the trends specific to your industry/market and spell out the key objectives related to your business drivers, for example:
◉ Customer Experience: How can we deliver an end-to-end, engaging, personalised, omni-channel experience to our customers?
◉ Workforce Experience: How can we evolve the day-to-day working experience of our employees, driving productivity & empowering a forward-looking culture?
◉ Digital First and Data Insights: How can we make better decisions, increase relevancy, availability and speed with advanced analytics and AI?
◉ Co-innovation and Partnerships: How can we run Joint Living Labs with trusted partners to deliver business innovation at speed?
◉ Risk, Security and Compliance: How can we protect and secure our assets to avoid penalties/fines/brand damage, balancing risk with innovation & value to our customers?
◉ Culture of Partnership & Change: How can IT improve trust and open dialog with the business to accelerate impact to market with high quality?
Using powerful Design Thinking tools and engaging with both Business & IT, we crystalize the initiatives that will realize these objectives and express them in terms that everyone understands and can act upon:
Customer Workshop involving Business & IT stakeholders, powered by Design Thinking
Working in close collaboration with Cisco’s Industry Solutions Group (ISG), Business Architects explore the use cases and solutions that are making a difference in your sector. Most often, these solutions require the involvement of specialized partners, able to cater for the unique challenges and opportunities in front of you.
3. Bridge the gap between business and IT
Cisco Business Architects understand the pivotal role played by the CIO and the IT department, repositioning IT from a mere ‘cost center’ to a leader of Digital Transformation. Nearly always, this requires a profound, ongoing evolution of the IT Operating Model, to bridge the gap between Business and IT. But you might wonder how exactly Cisco can provide credible recommendations in this area, since you would usually engage with Cisco on technology-related topics. Enter Cisco IT – yes, that’s our own internal IT department.
For a long time, Cisco has viewed IT as a critical enabler of our business strategy – in fact, we view our IT capabilities as a key competitive differentiator in our ability to deliver the best products, services and solutions to our customers. And in order to quickly adapt to changing business environments and address emerging opportunities and markets, we continuously evolve and fine-tune our IT Operating model.
Why does it matter to you? Because our experts from Cisco IT openly share our lessons learned, covering a whole span of topics, including:
◉ Strategy and Governance: How to be clear and transparent about what the IT department must do, who should do it, when/how, and above all, why?
◉ People, Culture & Communication: How to ensure that IT personnel is embracing and driving the change required by the new digital agenda?
◉ Architecture & IT Service Management: How to architect a service-oriented model, present all IT services through a portal, and automate their delivery to the user?
◉ Service Delivery & Agile Project Management: How can agile principles accelerate speed of innovation and project time-to-market?
◉ Sourcing and Financial Models: How to optimize IT budget and resources through modern consumption and procurement models?
◉ Future Skills and Roles: How to develop skills of the future so that IT can proactively meet the new business requirements?
Cisco IT can help you benchmark where your IT Department stands today in each of these areas (“AS-IS” State), define where your IT capabilities ought to be to meet and exceed the expectations of the business and users (“TO-BE” State) – and of course, help you get from AS-IS to TO-BE.
Cisco IT as Customer Zero
Leveraging the lessons learned from Cisco IT’s own transformation over the last decade, you can avoid the pitfalls we encountered and accelerate your transformation projects. Discover how on our “Cisco on Cisco” portal.
4. Solve business-critical challenges, using Design Thinking
In a 1.5-day collaborative workshop powered by Design Thinking techniques, Cisco Business Architects can help you harmonize the viewpoints of the business executives and IT leaders inside your organization. We call this a “Business Innovation Sprint” (BIS):
Defining “Business Innovation Sprint”
I underlined the word “prescriptive”, because it’s the secret to success of BIS. There are literally hundreds of Design Thinking tools available — and selecting which ones are right for you can be daunting. Following dozens of customer engagements, Cisco Business Architect have made this selection and developed a framework and a process proven to accelerate the speed at which our customers innovate. Effectively, we lower barrier to entry to Design Thinking by providing tested workshop agendas, trainings, tools, templates, etc.
Business Innovation Sprint in action, powered by Design Thinking
Phrasing the Challenge Statement is a critical input to a Business Innovation Sprint. The right BIS Challenge Statement usually aligns to one of these four customer imperatives:
Here are some examples of past challenges we have worked out with customers:
1. “Reimagine your applications” (with a Retail customer) – “How might we… improve our customers’ experience by combining online & offline across the journey, and increase revenue and profitability per customer?”
2. “Secure your data” (with a Financial Services customer) – “How might we… remain compliant while removing friction and delays caused by security procedures?”
3. “Transform your infrastructure” (with a Manufacturing customer) – “How might we… redesign the process of adding a new OT machine in our network in order to reduce provisioning time from 6 months to 1 week?”
4. “Empower your teams” (with a Government customer) – “How might we… rethink the way our internal teams collaborate in order to improve employee happiness, team productivity and cross-functional collaboration?”
The Business Innovation Sprint allows us to create a Minimum Viable Product (MVP) — and because your key stakeholders were involved from the start, we are sure to address their needs and expectations. Cisco Business Architects can then engage one of Cisco’s Co-Innovation Centers (CIC) and/or our regional/global partners to bring the MVP to life, i.e. in production.
5. Build the multi-domain architecture to accelerate innovation
It’s plain and simple: silos kill innovation. Unfortunately, more often than not, technology investments are made case by case – in silo – without looking at the big picture. In order to flourish, innovation needs a platform – a secure, digital platform architected to support and accelerate your business transformation.
This is why Cisco Business Architects make sure each investment you make to fund a Business Innovation Sprint contributes to the gradual built-out of your long-term, multi-domain architecture. At the end of the day, this architecture is going to be your key competitive differentiator, whether you are a university trying to improve services to students and researchers; a bank looking to cross-sell adjacent services to existing customers; or a hospital on a mission to radically change how patients are being cared for.
Business decision makers – who hold the purse strings – find it hard to connect their strategic objectives with the technicalities of architecting this digital platform. This is why it falls upon IT to EXPLAIN and JUSTIFY.
EXPLAIN the linkage between IT’s “Strategic Plays” and the outcomes delivered to the business
Cisco Business Architects leverage the SCIPAB framework to structure and visualize the impact of IT’s “Strategic Plays” in the context of the customer’s Digital Transformation Strategy:
◉ Situation: Objectively, what’s the current state of the business, technology, industry, and/or mega trends?
◉ Complication: What are the critical issues (changes, pressures, demands, etc.) that are impacting the Situation and creating problems or opportunities?
◉ Implication: What are the consequences of failing to act on the problems or opportunities described in the Complication?
◉ Position: We then clearly and confidently state the strategic direction to solve the problems and reap the benefits.
◉ Action: We explain the role everyone needs to play and the key initiatives that will be undertaken in the next few weeks.
◉ Benefit: We describe how the recommended Position and Action will address the stakeholders’ needs, both qualitatively and quantitatively.
Over the years, Cisco Business Architects have developed dozens of SCIPAB storyboards, similar to the one below.
Example of a SCIPAB Storyboard focused on the Employee Collaboration Strategic IT Play (click to download pdf)
JUSTIFY the investment through a financial analysis and ROI model
IT as a Business, or ITaaB, is a structured engagement process and tooling which enable Cisco Business Architects to develop a financial value proposition and demonstrate to your business stakeholders the Capability, Cost, Compliance and Calendar (speed) benefits of evolving towards a multi-domain architecture. Typical areas of focus include: Secure Access, Secure SD-WAN, and Secure DC Network.
ITaaB is a structured process to develop a financial value proposition
6. Create a virtuous lifecycle for ongoing success
Today’s IT projects are more complex and interdependent than ever, spanning multiple technology domains and affecting a myriad of stakeholders. Environments and requirements change every day. In-house IT teams are always short on resources and critical skills.
In this context, success relies on the effective orchestration of all involved parties throughout the business transformation lifecycle.
How Business Architects orchestrate innovation, in 6 steps
Cisco Business Architects are the orchestrators. The tools that we have developed over many years (e.g. Digital Journey Dashboard, Business Innovation Sprints, SCIPAB, ITaaB LITE) empower us to build bridges and establish an open collaboration and clear communication between our customers, our rich partner ecosystem, our professional services (Customer eXperience, CX), as well as engaging the many parties within Cisco focused on customer innovation, including Cisco IT, Industry Solutions Group, Co-Innovation Centers, Customer eXperience (CX), Partner Organisation, etc.